Tinder flaw could expose your swipes to snoops

Posted: Jan 24, 2018 5:21 AM
Updated: Jan 24, 2018 5:21 AM

There's a basic security measure missing from Tinder's mobile dating app.

And it could let prying eyes see your potential matches, along with whether you swiped left or right, a security firm has found.

The issue was discovered by researchers at the security firm Checkmarx. The company says it stems from Tinder's decision to not use HTTPS, a security protocol, to encrypt photos on its iOS and Android apps.

Unlike HTTP, HTTPS encrypts communications between the user's browser or app and the web server, so information is protected against hackers or eavesdroppers.

Because photos are not encrypted, it's possible for eavesdroppers on the same Wi-Fi network to monitor a user's behavior on the dating app and see photos of a user and potential matches. It also allows someone to inject images or malicious content into the app feed.

The lack of encryption could let a snoop spy on your Tinder activity in places like coffee shops or at work. Though no passwords or other sensitive data is leaking, researchers said this tactic could potentially be used to blackmail someone.

Tinder says it knows about the missing encryption. A Tinder spokesperson told CNNTech in an email Tuesday that photos on the Tinder app are publicly available to anyone using Tinder. The company said its desktop and mobile web platforms already encrypt images, and it is working toward encrypting them in the app.

Erez Yalon, manager of application security research at Checkmarx, said the application should be fixed to prevent potential spying. He added that he reported the issue to Tinder in mid-November.

"There's absolutely no reason not to use HTTPS for everything," Yalon told CNNTech. "Letting sensitive data be transferred unencrypted is wrong."

Tinder encrypts other information within the app, but it was possible for researchers to figure out patterns that correlate to swiping left, right, and matching with someone. For example, swiping left is represented by 278 bytes each time.

By pairing swiping data with visible images, researchers showed it's possible for a hacker to see on whom someone swiped left or right. The firm created an app called Tinder Drift to demonstrate a potential spying scenario.
